[pam: 1/2] fix dereference in pam_env fix wrong parse of user at host pattern in pam_access (#732081)
Tomáš Mráz
tmraz at fedoraproject.org
Thu Aug 25 14:11:32 UTC 2011
commit 9f296559082d417631d1b4e930e65ec9f8505dcf
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Thu Aug 25 16:09:08 2011 +0200
fix dereference in pam_env
fix wrong parse of user at host pattern in pam_access (#732081)
pam-1.1.4-access-split.patch | 35 ++++++++++++++++++++
pam-1.1.4-console-fixes.patch | 72 +++++++++++++++++++++++++++++++++++++++++
pam-1.1.4-env-deref.patch | 49 ++++++++++++++++++++++++++++
pam.spec | 18 ++++++++--
4 files changed, 170 insertions(+), 4 deletions(-)
---
diff --git a/pam-1.1.4-access-split.patch b/pam-1.1.4-access-split.patch
new file mode 100644
index 0000000..613de6c
--- /dev/null
+++ b/pam-1.1.4-access-split.patch
@@ -0,0 +1,35 @@
+commit 61f4f06abc9b8fcb3c478fa430b52499fd2ca300
+Author: Tomas Mraz <tmraz at fedoraproject.org>
+Date: Thu Aug 25 15:48:51 2011 +0200
+
+ Fix the split on @ in the user field. (Red Hat Bug #732081)
+
+diff --git a/ChangeLog b/ChangeLog
+index 7563098..b4f1ef8 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,8 @@
++2011-08-25 Tomas Mraz <tm at t8m.info>
++
++ * modules/pam_access/pam_access.c (user_match): Fix the split
++ on @ in the user field. (Red Hat Bug #732081)
++
+ 2011-08-23 Tomas Mraz <tm at t8m.info>
+
+ * modules/pam_env/pam_env.c (_pam_parse): Fix missing dereference.
+diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
+index 0eb1e8c..472116c 100644
+--- a/modules/pam_access/pam_access.c
++++ b/modules/pam_access/pam_access.c
+@@ -521,7 +521,10 @@ user_match (pam_handle_t *pamh, char *tok, struct login_info *item)
+ * name of the user's primary group.
+ */
+
+- if (tok[0] != '@' && (at = strchr(tok + 1, '@')) != 0) {
++ /* Try to split on a pattern (@*[^@]+)(@+.*) */
++ for (at = tok; *at == '@'; ++at);
++
++ if ((at = strchr(at, '@')) != NULL) {
+ /* split user at host pattern */
+ if (item->hostname == NULL)
+ return NO;
diff --git a/pam-1.1.4-console-fixes.patch b/pam-1.1.4-console-fixes.patch
new file mode 100644
index 0000000..11c03e6
--- /dev/null
+++ b/pam-1.1.4-console-fixes.patch
@@ -0,0 +1,72 @@
+diff -up Linux-PAM-1.1.4/modules/pam_console/handlers.c.console-fixes Linux-PAM-1.1.4/modules/pam_console/handlers.c
+--- Linux-PAM-1.1.4/modules/pam_console/handlers.c.console-fixes 2008-12-16 13:37:52.000000000 +0100
++++ Linux-PAM-1.1.4/modules/pam_console/handlers.c 2011-07-15 14:49:39.000000000 +0200
+@@ -172,13 +172,13 @@ call_exec(struct console_handler *handle
+ const char *flagptr;
+ const char **argv;
+ int i = 0;
+- argv = malloc(sizeof(*argv)*nparams+2);
+-
++ argv = malloc(sizeof(*argv)*(nparams+2));
++
+ if (argv == NULL)
+ return;
+-
++
+ argv[i++] = handler->executable;
+-
++
+ for (flagptr = handler->flags; *flagptr != '\0'; flagptr += strlen(flagptr)+1) {
+ switch (testflag(flagptr)) {
+ case HF_LOGFAIL:
+@@ -231,7 +231,7 @@ execute_handler(pam_handle_t *pamh, stru
+ }
+
+ sighandler = signal(SIGCHLD, SIG_DFL);
+-
++
+ child = fork();
+ switch (child) {
+ case -1:
+@@ -246,30 +246,32 @@ execute_handler(pam_handle_t *pamh, stru
+ if (!wait_exit) {
+ switch(fork()) {
+ case 0:
+- exit(0);
++ if(setsid() == -1) {
++ _exit(255);
++ }
++ break;
+ case -1:
+- exit(255);
++ _exit(255);
+ default:
+- if(setsid() == -1) {
+- exit(255);
+- }
++ _exit(0);
+ }
+ }
+ if (set_uid) {
+ struct passwd *pw;
+ pw = getpwnam(user);
+ if (pw == NULL)
+- exit(255);
++ _exit(255);
+ if (setgid(pw->pw_gid) == -1 ||
++ setgroups(0, NULL) == -1 ||
+ setuid(pw->pw_uid) == -1)
+- exit(255);
++ _exit(255);
+ }
+ call_exec(handler, nparams, user, tty);
+- exit(255);
++ _exit(255);
+ default:
+ break;
+ }
+-
++
+ waitpid(child, &rv, 0);
+
+ if (sighandler != SIG_ERR)
diff --git a/pam-1.1.4-env-deref.patch b/pam-1.1.4-env-deref.patch
new file mode 100644
index 0000000..f87e393
--- /dev/null
+++ b/pam-1.1.4-env-deref.patch
@@ -0,0 +1,49 @@
+commit ca6fbe92205fe5b4acf2e92e4c2bf73327b26780
+Author: Tomas Mraz <tmraz at fedoraproject.org>
+Date: Tue Aug 23 12:42:32 2011 +0200
+
+ Fix missing dereference.
+
+diff --git a/ChangeLog b/ChangeLog
+index 07f120f..7563098 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,7 @@
++2011-08-23 Tomas Mraz <tm at t8m.info>
++
++ * modules/pam_env/pam_env.c (_pam_parse): Fix missing dereference.
++
+ 2011-06-22 Thorsten Kukuk <kukuk at thkukuk.de>
+
+ * release version 1.1.4
+diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
+index 865fbaf..1ec01ca 100644
+--- a/modules/pam_env/pam_env.c
++++ b/modules/pam_env/pam_env.c
+@@ -99,7 +99,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
+ if (!strcmp(*argv,"debug"))
+ ctrl |= PAM_DEBUG_ARG;
+ else if (!strncmp(*argv,"conffile=",9)) {
+- if (*argv+9 == '\0') {
++ if ((*argv)[9] == '\0') {
+ pam_syslog(pamh, LOG_ERR,
+ "conffile= specification missing argument - ignored");
+ } else {
+@@ -107,7 +107,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
+ D(("new Configuration File: %s", *conffile));
+ }
+ } else if (!strncmp(*argv,"envfile=",8)) {
+- if (*argv+8 == '\0') {
++ if ((*argv)[8] == '\0') {
+ pam_syslog (pamh, LOG_ERR,
+ "envfile= specification missing argument - ignored");
+ } else {
+@@ -115,7 +115,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
+ D(("new Env File: %s", *envfile));
+ }
+ } else if (!strncmp(*argv,"user_envfile=",13)) {
+- if (*argv+13 == '\0') {
++ if ((*argv)[13] == '\0') {
+ pam_syslog (pamh, LOG_ERR,
+ "user_envfile= specification missing argument - ignored");
+ } else {
diff --git a/pam.spec b/pam.spec
index 273f33f..35a7a60 100644
--- a/pam.spec
+++ b/pam.spec
@@ -4,8 +4,9 @@ Summary: An extensible library which provides authentication for applications
Name: pam
Version: 1.1.4
Release: 2%{?dist}
-# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
-# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
+# The library is BSD licensed with option to relicense as GPLv2+
+# - this option is redundant as the BSD license allows that anyway.
+# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
License: BSD and GPLv2+
Group: System Environment/Base
Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2
@@ -35,6 +36,8 @@ Patch10: pam-1.1.3-nouserenv.patch
Patch11: pam-1.1.3-console-abstract.patch
Patch12: pam-1.1.3-faillock-screensaver.patch
# Upstreamed patches
+Patch30: pam-1.1.4-env-deref.patch
+Patch31: pam-1.1.4-access-split.patch
%define _sbindir /sbin
%define _moduledir /%{_lib}/security
@@ -49,7 +52,7 @@ Patch12: pam-1.1.3-faillock-screensaver.patch
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: cracklib, cracklib-dicts >= 2.8
+Requires: cracklib-dicts >= 2.8
Requires(post): coreutils, /sbin/ldconfig
BuildRequires: autoconf >= 2.60
BuildRequires: automake, libtool
@@ -80,7 +83,7 @@ having to recompile programs that handle authentication.
%package devel
Group: Development/Libraries
Summary: Files needed for developing PAM-aware applications and modules for PAM
-Requires: pam = %{version}-%{release}
+Requires: pam%{?_isa} = %{version}-%{release}
%description devel
PAM (Pluggable Authentication Modules) is a system security tool that
@@ -106,6 +109,9 @@ mv pam-redhat-%{pam_redhat_version}/* modules
%patch11 -p1 -b .abstract
%patch12 -p1 -b .screensaver
+%patch30 -p1 -b .deref
+%patch31 -p1 -b .split
+
libtoolize -f
autoreconf
@@ -359,6 +365,10 @@ fi
%doc doc/adg/*.txt doc/adg/html
%changelog
+* Thu Aug 25 2011 Tomas Mraz <tmraz at redhat.com> 1.1.4-3
+- fix dereference in pam_env
+- fix wrong parse of user at host pattern in pam_access (#732081)
+
* Fri Jul 15 2011 Tomas Mraz <tmraz at redhat.com> 1.1.4-2
- clear supplementary groups in pam_console handler execution
More information about the scm-commits
mailing list